7567669

Strengthened Public Key Protocol

Published: July 28, 2009
Assignee: not available in USPTO data we have

Patent Claims
29 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method of determining the integrity of a message exchanged between a pair of correspondents through a data communication system, said message being secured by embodying said message in a function of a public key derived from a private key selected by one of said correspondents, in accordance with a public key algorithm, said method performed in a cryptographic unit comprising the steps of: a) obtaining said public key; b) validating said public key by verifying said public key is suitable for use in said public key algorithm by subjecting said public key to at least one mathematical test to determine whether said public key satisfies a predefined mathematical characteristic indicative of the strength of said public key; and c) accepting messages utilizing said public key if said public key satisfies said predefined mathematical characteristics.

2. A method according to claim 1, wherein said public key is an element of a finite group having a first predetermined order, and said predefined mathematical characteristics exclude membership in a subgroup of said finite group having a second predetermined order less than said first predetermined order.

3. A method according to claim 2, wherein said mathematical test includes operating on said public key using the value of said second predetermined order and determining whether the resultant element corresponds to the group identity, whereby said public key is rejected when said public key is a member of said subgroup.

4. A method according to claim 1, wherein said mathematical characteristics include arithmetic requirements of keys.

5. A method according to claim 4, wherein said arithmetic requirements include that said public key is in a range bounded by a parameter and said test is performed by verifying that said public key is greater than 1 and less than said parameter.

6. A method according to claim 5, wherein said public key is for use with a modulus, and said parameter is a function of said modulus.

7. A method according to claim 6, wherein said arithmetic requirements include that said public key includes an exponent that is odd.

8. A method according to claim 7, wherein said arithmetic requirements include that said exponent is 3 or 65537.

9. A method according to claim 4, wherein said public key is an element of a finite group, and said arithmetic requirements include the order of said public key, and said test is performed by operating on said public key using the value of an order of said finite group and confirming that the resultant value corresponds to the group identity.

10. A method according to claim 4, wherein said public key is a point on an elliptic curve.

11. A method according to claim 1, wherein said public key is an element of a prime order subgroup S of a group G defined over a finite field and having a first predetermined order q less than the order n of said group G, and said predefined mathematical characteristic excludes membership in a subgroup S having an order less than a predetermined value to render a brute force approach against said public key impractical.

12. A cryptographic unit for use in a data communication system established between a pair of correspondents exchanging public information across a communication channel by way of a public key encryption scheme, said unit including a monitor to receive a public key from one of said correspondents and validate said public key by verifying said public key is suitable for use in said public key algorithm by subjecting said public key to at least one mathematical test to determine whether said public key satisfies predefined mathematical characteristics indicative of the strength of said public key.

13. A cryptographic unit according to claim 12, wherein said public key is an element of a finite group having a first predetermined order, and said predefined mathematical characteristics exclude membership in a subgroup of said finite group having a second predetermined order less than said first predetermined order.

14. A cryptographic unit according to claim 13, wherein said mathematical test includes operating on said public key to the value of said second predetermined order and determining whether the resultant element corresponds to the group identity, whereby said public key is rejected when said public key is a member of said subgroup.

15. A cryptographic unit according to claim 12, wherein said mathematical characteristics include arithmetic requirements of keys.

16. A cryptographic unit according to claim 15, wherein said arithmetic requirements include that said public key is in a range bounded by a parameter and said test is performed by verifying that said public key is greater than 1 and less than said parameter.

17. A cryptographic unit according to claim 16, wherein said public key is for use with a modulus, and said parameter is a function of said modulus.

18. A cryptographic unit according to claim 17, wherein said arithmetic requirements include that said modulus is odd.

19. A cryptographic unit according to claim 18, wherein said public key includes an exponent and said arithmetic requirements include that said exponent is 3 or 65537.

20. A cryptographic unit according to claim 15, wherein said public key is an element of a finite group, and said arithmetic requirements include the order of said public key, and said test is performed by operating on public key using the value of an order of said finite group and confirming that the resultant value corresponds to the group identity.

21. A cryptographic unit according to claim 15, wherein said public key is a point on an elliptic curve.

22. A method of establishing in a cryptographic unit a public key of a correspondent for use in a discrete log public key cryptosystem established between a pair of correspondents comprising the steps of utilising a group G of order n over a finite field, said group G having a subgroup S of the group of order q less than the order n of the group G, obtaining an element of the subgroup S to generate the q elements of the subgroup S and combining said generator with an integer x selected as a private key of said correspondent to generate a corresponding public key, where the order q of the subgroup S is selected to be sufficiently large that a brute force approach against the cryptosystem is impractical and the intractability of the discrete log problem inhibits recovery of the private key x.

23. A method according to claim 22 wherein said group G is an elliptic curve group and said subgroup S is of prime order.

24. A method of establishing in a cryptographic unit a session key for encryption of data between a pair of correspondents having respective private keys x and y comprising the steps of selecting an elliptic curve group G of order n over a finite field, establishing a subgroup S having a prime order q of the elliptic curve group G, where q is less than n, determining an element α of the group G to generate the q elements of the subgroup S and combining said element α and said private keys x,y to generate a session key common to each correspondent.

25. A method of establishing, by way of a discrete log key agreement scheme performed in a data communication system having cryptographic units, a session key for encryption of data between a pair of correspondents in a public key cryptographic system, said method comprising the steps of selecting in a cryptographic unit a finite group G of order n, establishing a subgroup S of the group G, said subgroup S having a prime order q less than n and greater than 10^40, determining an element of the subgroup S to generate the q elements of the subgroup S and utilizing said element to generate a session key at each correspondent.

26. The method of claim 25, wherein the group G is an elliptic curve group.

27. A discrete log based key agreement cryptographic system to permit a message to be exchanged between a pair of correspondents in a data communication system, and wherein said message is secured in a cryptographic unit by combining said message with a key generated by said system, said system including a generator of each element of a finite group S of prime order q, which is a subgroup of a group G of order n, where q<n and has a sufficient number of elements to render a brute force approach against the cryptographic system impractical and wherein said key is a function of an integer x and said generator.

28. A discrete log based key agreement system according to claim 27 wherein said group G is an elliptic curve group.

29. A discrete log based key agreement system according to claim 27 wherein said order q is greater than 10^40.
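
The tests recited in claims 2, 3, 5, 6 and 9 can be illustrated for a multiplicative group modulo a prime. The following is an added example, not text or code from the patent; the toy parameters (p = 67, q = 11), the function names, and the choice of the modulus itself as the range "parameter" are assumptions made for illustration.

```python
# Constructed toy parameters, far too small for real use: p - 1 = 2 * 3 * 11.
P = 67                        # modulus; the group G = Z_p^* has order n = 66
Q = 11                        # prime order q of the intended subgroup S
G = pow(2, (P - 1) // Q, P)   # generator of S
SMALL_ORDERS = (2, 3, 6)      # orders of the proper subgroups of G outside S


def validate_public_key(y, p=P, q=Q, small_orders=SMALL_ORDERS):
    """Return (accepted, reason) for a received public key y."""
    # Range test (claims 5-6): 1 < y < parameter; here the parameter is p.
    if not 1 < y < p:
        return False, "out of range"
    # Small-subgroup test (claims 2-3): if y raised to a smaller order t is
    # the identity, y is a member of the subgroup of order t and is rejected.
    for t in small_orders:
        if pow(y, t, p) == 1:
            return False, f"in subgroup of order {t}"
    # Order test (claim 9): y raised to q must be the identity, so y is in S.
    # For prime q this alone rejects the keys above; both are shown because
    # the claims recite them as separate tests.
    if pow(y, q, p) != 1:
        return False, "not in subgroup of order q"
    return True, "ok"


def reachable_secrets(y, p=P):
    """Every value y^x mod p can take; a confined key gives a tiny set."""
    return {pow(y, x, p) for x in range(1, p)}


if __name__ == "__main__":
    honest = pow(G, 7, P)     # public key for the constructed private key x = 7
    for y in (honest, 37, P - 1, 1, 2):
        print(y, validate_public_key(y), len(reachable_secrets(y)))
```

A key of order 3 such as 37 can only ever produce three distinct shared values, which is why accepting it without the test weakens the exchange regardless of how large q is.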

Patent Metadata

Filing Date

Unknown

Publication Date

July 28, 2009

Inventors

Scott A. Vanstone
Alfred John Menezes
Minghua Qu
Donald B. Johnson

Cite as: Patentable. “STRENGTHENED PUBLIC KEY PROTOCOL” (7567669). https://patentable.app/patents/7567669